--- libzip-0.11.2/lib/zip_dirent.c.orig 2015-03-20 11:15:46.257040980 -0400 +++ libzip-0.11.2/lib/zip_dirent.c 2015-03-20 11:19:17.867936503 -0400 @@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc if (nentry == 0) cd->entry = NULL; - else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { + else if ( nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { _zip_error_set(error, ZIP_ER_MEMORY, 0); free(cd); return NULL;